February 9, 2010 // 11:10 pm - Today the PS3 hack exploit SX28 hardware arrived, so we can begin work on dumping the PlayStation 3 Hypervisor to examine!

Up to now, both GeoHot and xorloser have successfully performed the PS3 hack while a few others simply obtained GeoHot's PS3 Hypervisor dump to study privately.

Needless to say, the rest of the PS3 scene, including most of us here, has been waiting to take a peek at the unencrypted bootloader and Hypervisor lv0 and lv1 dumps.

We started by writing an Ubuntu Guide (as did titanmkd HERE) and attempted to use a 555 timer to obtain the 40ns pulse required to trigger the exploit, but like many others who attempted this we too had no such luck!

Luckily xorloser shared some propered code to trigger a 40ns pulse using an SX28 chip. They are a bit harder to find, and a little more expensive (as you need a programmer) but the method is sound.

That brings us to today, and our SX28 chips and programmer arrived - so we will be recreating the hardware, and giving this a go soon!

TUHTA, I'm not sure myself; but I think what geohot did was pave the way. The first step in hacking the PS3. Like open the door kinda say. Now it's just a matter of time before other DEVs put in their share to fully hack the system.

I prob don't make any sense but that's how I understand what's going on. Anyone feel free to correct me with better terms...

@dante489 : Nobody knows the usefulness of the exploit to the purpose of running homebrews yet. But it did give hypervisor level of access to the system memory so it will probably be useful in the future.

Now, as some guy posted before, there will be a lot of reverse engineering of the two lower levels of the chain of trust and the hypervisor, so hopefully in the future holes will be found.

About GeoHotz's work with the ps3 : In my opinion, I think that in his gigantic ego and need for praises he said the phrase of the year "fine, one tweet... i just hacked the PS3." In doing so he attracted more attention in one week than his whole career as an iphone hacker.

So I think $ony probably pressured him to stop working with the ps3 or risk being sued to the bone... If he said something like "I think I managed to access some restricted system memory" he would've got a LOT less unwanted attention.

Imo he should've kept working till he got a Hello World running through GameOS before announcing anything. But I don't know if he wanted to get that far. Just my thoughts on the matter.

Thanks man!! I think you have a lot of good points and I hope CJPC and other devs can make something out of it!

Hopefully we will have these dumps running in the wild soon enough... It really makes me wonder why it took so much time to do it...

Mainly due to what CJPC outlined in the first post... everyone was trying the cheaper 555 timer for a week after it was released, and then when xorloser posted a slightly more reliable SX28 method, new parts had to be ordered to reproduce that way.

Originally Posted by Raze1988

They won't post the dump in a public place tho, since it is copyrighted by Sony.

Correct, once the full lv0 and lv1 dumps are obtained we will sort out the best way to pass them along. My preferred method is through an actual scene release on topsites, but if that doesn't work it will be done via IRC probably... and of course those who grab it from there will upload it to the other channels (P2P, torrents, MU/RS etc).

I can confirm it will definitely NOT be posted here though; only news of the "leak" will, like all warez releases.

I may be corrected here, but the way I understand it is the OtherOS HV dump exploit is useless to end-users, and its process, code and hardware will not be incorporated at all in an end-user firmware/hack/modchip. It is a stepping stone which allows hackers and devs to access part of Sony's programming that was previously inaccessible.

Analysing this programming may reveal other approaches that may allow the same people to access more of Sony's programming at a deeper/parallel level. It is akin to peeling back layers of an onion until a complete picture of the onion is revealed, but so far only the first layer has been removed. And it can make you cry sometimes...